Windows Update's "secret" little updates
A recent discovery involving the behavior of Microsoft's Windows Update service has many people up in arms about privacy, trust and security concerns.
On September 13, Scott Dunn, a contributing editor for windowssecrets.com, reported that the Windows Update service found in Windows XP and Windows Vista has recently been secretly downloading updates from Microsoft without any consent from the computer user.
So far, these "stealth" updates have only affected the Windows Update service itself (in other words, updates to the actual updater), and not to other Windows components.
Still, many critics are arguing that the secret updates illustrate a blatant disregard by Microsoft for users' privacy, as the Windows Update feature isn't honoring their Automatic Updates preferences.
The behavior of the Automatic Update feature in question can be configured via the "Automatic Updates" icon in the Windows Control Panel.
Windows XP and Vista users with administrative access can select one of four Automatic Update preferences:
"Automatically download and install recommended updates"
"Download updates for me, but let me choose when to install them"
"Notify me but don't automatically download or install them"
"Turn off Automatic Updates."
The problem, critics argue, is that Windows Update downloads and install updates, even if the user has elected not to automatically download or install updates.
Many see the issue as a matter of trust and are simply upset that updates were installed in a secretive fashion without their knowledge or consent.
Many are also upset because of the security implications that this secret "back door" into their PC could bring them.
If a hacker were to compromise the Windows Update service, many argue, they could use it to silently install viruses, worms, spyware and other forms of malicious software on the PC.
And yet others worry that such updates could interfere with applications already installed on the PC. Without notification, users cannot plan (doing data backup, setting system restore points, etc) for updates they feel are questionable.
Although initially slow to respond, Microsoft finally broke the ice when Nate Clinton, program manager for the Microsoft Update Product Team, tackled the issue on his Microsoft technet blog.
Clinton defended Microsoft's position by insisting that Microsoft's update practices are a necessary part of quality control for their update services and Microsoft products in general, and without it, he argued, Microsoft would not be able to meet customer expectations.
He also insisted that Windows Update does not download updates for itself if the users have chosen to disable automatic updates (the last option in the list of Automatic Updates preferences).
Clinton hinted, however, that perhaps Microsoft could be more transparent about the whole Windows Update process in general.
Although the debate continues, PC users should be aware of the situation, as they may be impacted by the situation in some way or another.
At this point, however, most computer experts will undoubtedly discourage computer users from hastily disabling or blocking Windows Update. The security updates and bug fixes provided by Windows Update likely far outweigh any potential for problems.
In fact, in many ways businesses that use Windows XP and Windows Vista may have a bigger reason to worry than most general consumers do, simply because many businesses now heavily rely on computers to function properly and simply cannot afford to have equipment that does not work correctly.
Either way, consumers should be aware of the issue.
Have comments about this article or suggestions for a future Tech Tips article? Send an e-mail to firstname.lastname@example.org.